Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-6052

Опубликовано: 23 сент. 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kdenetworkNot affected
Red Hat Enterprise Linux 6kdenetworkNot affected
Red Hat Enterprise Linux 7kdenetworkNot affected
Red Hat Enterprise Linux 6libvncserverFixedRHSA-2014:182611.11.2014
Red Hat Enterprise Linux 7libvncserverFixedRHSA-2014:182611.11.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1144288libvncserver: NULL pointer dereference flaw in framebuffer setup

EPSS

Процентиль: 89%
0.0524
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-6052

ubuntu
почти 11 лет назад

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

nvd логотип

CVE-2014-6052

nvd
почти 11 лет назад

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

debian логотип

CVE-2014-6052

debian
почти 11 лет назад

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...

github логотип

GHSA-hph4-vx7v-q23g

github
больше 3 лет назад

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

fstec логотип

BDU:2020-00582

CVSS3: 7.3
fstec
почти 11 лет назад

Уязвимость функции HandleRFBServerMessage кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 89%
0.0524
Низкий

4.3 Medium

CVSS2